Hey Mike!

Thanks for the reply. We've set it up in the correct mode on the Cisco side, "no tunnel authentication" - his config looks like this on the LAC side - from following all the forum posts.

vpdn-group NICKPRATLEY-AGVC
 request-dialin
  protocol l2tp
  domain domain.com
 initiate-to ip x.x.x.27 priority 1 (My side of the /30)
 source-ip x.x.32.4 - (His loopback0, advertised to me via BGP)
 local name NICKPRATLEY-BROADBAND
 ip pmtu
 ip mtu adjust

The problem with a 'cheap' Cisco router, ala the 1841 that I *was* using this to complete the LNS routing passed away! Hence trying to get it working on a fault-tolerant VM ;)

I've set it all up as per recommendations from Tim, I am seeing the auth sessions come in when torching the interface but it's not processing the requests on my side - and there is no l2tp traffic going out still :(

Regards,
Nick Pratley
Integration Manager

On Mon, Mar 9, 2015 at 11:48 AM, <mike@duxtel.com> wrote:
Hi Nick!
There are two kinds of l2tp authentication mechanisms - host based and user based. Host based auth for l2tp is not currently available in routerOS, but is the default for many (most) wholesale dsl providers.
Could that be related to your problem?
If so, there are only two ways that I know of to solve it - one way is to convince the other end admins to use user based auth. The other way is to use a third party router (e.g. Cisco) to terminate the l2tp tunnel and bridge it to a physical Ethernet interface.
Hope it helps!
Cheers, Mike
-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Nick Pratley
Sent: Sunday, 8 March 2015 9:52 AM
To: MikroTik Australia Public List
Subject: Re: [MT-AU Public] MikroTik LNS config
Thanks Tim,
There is a VLAN and a /30 between myself & the provider, BGP established over that link and they send all traffic from their loopback IP over to my side of the /30.
Was only a few changes away to get to that - but it still doesn't work or I have completely missed something.
The remote-address in the secret should be what I want the DSL tail to get from the server, correct?
This is what I have so far if it helps
/ppp profile
  name="default-l2tp" local-address=x.x.x.27 remote-ipv6-prefix-pool=*0
  use-ipv6=no use-mpls=no use-compression=no use-vj-compression=no
  use-encryption=no only-one=default change-tcp-mss=yes address-list=""
  dns-server=8.8.8.8

/ppp secret
  name="nick@domain.com" service=l2tp caller-id="nick@domain.com"
  password="hidden" profile=default-l2tp remote-address=192.168.10.100
  routes="" limit-bytes-in=0 limit-bytes-out=0
  last-logged-out=jan/01/1970 00:00:00

/interface l2tp-server
  name="l2tp-in1" user=""

/interface l2tp-server
            enabled: yes
            max-mtu: 1500
            max-mru: 1500
               mrru: 1600
     authentication: pap,chap
  keepalive-timeout: 30
    default-profile: default-l2tp
          use-ipsec: no
       ipsec-secret:

_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
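The thread turns on whether the LAC is asking for host-based (tunnel) authentication. As an added example that is not part of any message above, this Python sketch parses the UDP payload of an L2TPv2 control message (port 1701) per RFC 2661 and reports whether it carries a Challenge AVP, which is how a peer requests tunnel authentication. The function names, the host name `lac.example` and the sample packet are constructed for illustration.

```python
import struct

AVP_MESSAGE_TYPE, AVP_HOST_NAME, AVP_CHALLENGE = 0, 7, 11  # RFC 2661 attribute types
MESSAGE_TYPES = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN", 4: "StopCCN", 6: "HELLO"}

def parse_control(pkt: bytes) -> dict:
    """Return {attribute type: value} for the IETF AVPs of one L2TPv2 control message."""
    if len(pkt) < 12:
        raise ValueError("shorter than an L2TP control header")
    flags, length = struct.unpack("!2H", pkt[:4])
    # Control messages have the T, L and S bits set and carry version 2.
    if (flags & 0xC800) != 0xC800 or (flags & 0x000F) != 2:
        raise ValueError("not an L2TPv2 control message")
    if not 12 <= length <= len(pkt):
        raise ValueError("length field does not match the packet")
    avps, off = {}, 12
    while off < length:
        if off + 6 > length:
            raise ValueError("truncated AVP header")
        word, vendor, attr = struct.unpack("!3H", pkt[off:off + 6])
        alen = word & 0x03FF  # low 10 bits: AVP length including its 6-byte header
        if alen < 6 or off + alen > length:
            raise ValueError("malformed AVP length")
        if vendor == 0:  # vendor 0 = IETF-defined AVPs
            avps[attr] = pkt[off + 6:off + alen]
        off += alen
    return avps

def describe(pkt: bytes) -> dict:
    """Summarise what the peer sent and whether it asks for tunnel authentication."""
    avps = parse_control(pkt)
    raw = avps.get(AVP_MESSAGE_TYPE, b"")
    if len(raw) != 2:
        raise ValueError("no Message Type AVP (ZLB ACK or malformed message)")
    mtype = struct.unpack("!H", raw)[0]
    return {"message": MESSAGE_TYPES.get(mtype, str(mtype)),
            "host_name": avps.get(AVP_HOST_NAME, b"").decode("ascii", "replace"),
            "tunnel_auth": AVP_CHALLENGE in avps}

def _avp(attr: int, value: bytes) -> bytes:
    return struct.pack("!3H", 0x8000 | (6 + len(value)), 0, attr) + value

def sample_sccrq(host: bytes, challenge: bytes = b"") -> bytes:
    """Constructed SCCRQ for testing; not a capture from the thread."""
    body = (_avp(0, b"\x00\x01") + _avp(2, b"\x01\x00") + _avp(3, b"\x00\x00\x00\x03")
            + _avp(AVP_HOST_NAME, host) + _avp(9, b"\x04\xd2"))
    if challenge:
        body += _avp(AVP_CHALLENGE, challenge)
    return struct.pack("!6H", 0xC802, 12 + len(body), 0, 0, 0, 0) + body
```

Run `describe()` on the first control packet the LAC sends: `tunnel_auth` true on an SCCRQ means the peer still expects a shared tunnel secret despite what its configuration is believed to say.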